Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re^3: Keeping a password safe.

by moritz (Cardinal)
on Jun 11, 2012 at 09:01 UTC ( #975524=note: print w/ replies, xml ) Need Help??


in reply to Re^2: Keeping a password safe.
in thread Keeping a password safe.

Your analogy misses an important point. To compromise a windows system, you have to find a new vulnerability, which isn't easy.

But to get access a password that a program uses for accessing an FTP server, all one has to do is to monitor the network traffic. There are even tools that automatically sniff out passwords from traffic dumps.

Even if you use a more sophisticated approach (like ftp over ssl), the password needs to be in plain text in the memory of your application, and using a debugger it's not hard work to find it out.

So since the technical avenue is closed for you, I'd recommend to hand out the passwords to your users, and forbid them (in your terms of service) to give it to third parties. Since you want to protect the downloads, I infer that you sell your software commercially, so you already have some form of direct contact with your customers.

If you want to be a bit more careful, give out different passwords to different users, so that you can easily diable one of them if you suspect abuse.

Note that any "clever" solution which tries to obfuscate the password will make debugging much harder in case something goes wrong (and something always goes wrong).


Comment on Re^3: Keeping a password safe.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://975524]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (9)
As of 2014-12-26 07:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (167 votes), past polls